Sunday, June 10, 2018

I recently decided to use an RPM virtual package (one that offers no files but merely Requires others) in order to lock down the version of packages that were being installed when an EC2 was provisioned. Much to my chagrin it failed miserably when yum loaded packages in an unexpected order. So, can you tell yum what order to load your RPMs?

Tuesday, March 14, 2017

Typically CodeBuild is used as part of your CI/CD pipeline, perhaps along with other AWS tools like CodeCommit, CodePipeline and CodeDeploy.

This blog will explore the use of CodeBuild to build the Bedrock project and update a yum repository. Along the way I'll detail some of the things I've learned and the path I took to automating the Bedrock build.

Sunday, March 12, 2017

I'll blog soon about AWS CodeBuild and CodePipeline when I get around to documenting all of my frustrations but for now, to save some poor souls from losing their hair, here are some quick tips:

CodeBuild is not very helpful regarding malformed YAML in your buildspec.yml file. If things don't work, check to make sure your buildspec.yml file is well formed.

As if that were not bad enough, even if it is well formed, if you include elements it does not recognize it might just skip them silently. I inadvertently used pre-build instead of pre_build and lost some hair on that one.
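A pre-flight check for the silent-skip problem described above, as an added example (not code from the original post or from AWS). It scans a buildspec's top-level keys and phase names against the names CodeBuild documents and suggests the closest valid one; the sample buildspec is constructed, and `lint_buildspec` is a hypothetical helper name.

```python
import difflib
import re

# Phase names CodeBuild recognizes under "phases:".
KNOWN_PHASES = ("install", "pre_build", "build", "post_build")
# Top-level keys of a buildspec file.
KNOWN_TOP = ("version", "run-as", "env", "proxy", "batch", "phases",
             "reports", "artifacts", "cache")
# A mapping key at the start of a line: optional indent, name, colon.
KEY_RE = re.compile(r"^(\s*)([A-Za-z][A-Za-z0-9_-]*)\s*:(\s|$)")

def _check(findings, no, key, known, kind):
    if key in known:
        return
    hint = difflib.get_close_matches(key, known, n=1, cutoff=0.6)
    msg = f"unrecognized {kind} '{key}'"
    if hint:
        msg += f"; did you mean '{hint[0]}'?"
    findings.append((no, msg))

def lint_buildspec(text):
    """Return [(line_no, message)] for unknown top-level keys and phases."""
    findings, in_phases, phase_indent = [], False, None
    for no, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.match(line)
        if not m:
            continue  # list items, comments, blank lines
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            in_phases, phase_indent = (key == "phases"), None
            _check(findings, no, key, KNOWN_TOP, "top-level key")
        elif in_phases:
            if phase_indent is None:
                phase_indent = indent  # first key under phases sets the level
            if indent == phase_indent:
                _check(findings, no, key, KNOWN_PHASES, "phase")
    return findings

# Constructed sample with the pre-build typo and a misspelled top-level key.
SAMPLE = """\
version: 0.2
phases:
  pre-build:
    commands:
      - echo "checks that silently never run"
  build:
    commands:
      - make
artifact:
  files:
    - '**/*'
"""

if __name__ == "__main__":
    for no, msg in lint_buildspec(SAMPLE):
        print(f"buildspec.yml:{no}: {msg}")
```

This only checks key names at the two levels shown; it does not replace parsing the file with a real YAML parser to confirm it is well formed.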

As verified in this blog post, CodeBuild will not upload artifacts to the root of a bucket - it really wants a folder name. Odd really, since S3 objects have key names and folders do not really exist. I was trying to create a yum repository in a bucket that is hosting a website and wanted my files to be in the root of the bucket. No can do pal.

If you want to sync some files to said website bucket and, as I was, are making the site publicly available by setting permissions using the CLI, you'll need to make sure that the policy attached to the role you use to run CodeBuild has the proper permissions to your S3 bucket. In this case you'll need ListObject, PutObject, GetObject, and PutObjectAcl. Here's what the policy might look like:

Thursday, December 29, 2016

In part one of my two part blog on Amazon's Simple Email Service, we set up the necessary resources to receive and process inbound email. In part two, we'll create a worker that reads an SQS queue and forwards the mail to another email address.

Sunday, December 18, 2016

We all know what a pain in the rump it is to set up, manage, and secure an inbound mail server. It's a thankless job that is increasingly the point of attack for bad guys. It's also possible that if you screw it up you might find yourself in front of Congress!

In our architectures, now more than ever, it is important to reduce the surface area for attacks. That means closing down as many access points to your network as possible. SMTP running on port 25 is a gaping hole that most architects interested in securing their networks want turned off, like yesterday!

If you don't want to completely outsource your inbound mail to a managed service, AWS SES inbound email service is one way to have your cake and eat it too. It's especially useful if you want to allow your application to receive mail but you don't necessarily want or need to host an email service that includes an IMAP or POP server. You may only need to receive mail, in which case AWS SES is the perfect solution. Along with a scalable managed service, SES also includes spam filtering capabilities.

In this two part blog, we'll explore setting up a simple inbound mail handler for openbedrock.net using Amazon Web Services Simple Email Service (SES).